Cisco Switching/Routing :: Outbound Versus Inbound Access Lists On Catalyst 3750X?
Mar 17, 2013
I want to configure accesslists on my Catalyst 3750X-switches to protect different VLANs/networks. Any best-practices about inbound versus outbound accesslists? In my head it is more readable and easier to understand the config when accesslists are assigned outbound on the VLAN to protect instead of assigning them inbound on all possible source-VLANs. But of course, from a performance point-of-view it is better to use inbound access-lists to avoid un-necessary routing etc.
View 1 Replies
ADVERTISEMENT
May 29, 2013
I have started to use ip extended access-lists on several 3750X-switches to filter inbound and outbond traffic on the VLANs. But it seems that the use of object-groups is not supported, is this correct? Is it really no way to group different ip-addresses into groups and then use these groups in the access-lists?
I am running sw version 15.0(1)SE2.
View 1 Replies
View Related
Feb 21, 2013
I'm intending to purchase a switch for work,and I need to limit the bandwidth of one of the ports to 25 Mbit upload and 25 Mbit download (we have 100/100 Mbit connection and the customer is only paying for 25). I been trying to find information on how this could be "properly" done and what kind of switch I need to buy. As far as I have understood, most L2+ switches support outbound rate limiting, but not inbound, and as I only want the customer to have 25 mbit up and down, I need both.
I been looking at a Cisco Catalyst 3560 switch, and I'm first and foremost wondering if I can limit the inbound AND outbound bandwidth on this switch? Perhaps it can even be done on a simpler, cheaper, switch - as I rather not spend more money then necessary?
Lastly, how to do it, limit the inbound and outbound bandwidth on a single port (perhaps on the above mentioned switch, if possible), to 25 Mbit?
View 3 Replies
View Related
Dec 11, 2012
dont seem to be able to get policing working inbound on a port 3750X v 15.0(2)
Config is below:
ip access-list extended SMB
permit tcp host 192.168.1.14 host 172.16.1.30
permit tcp host 192.168.1.14 host 172.16.1.31
[Code]....
View 6 Replies
View Related
Nov 20, 2011
I'm running a Cisco ASA 5510 with version 7.2(3) and I've been tasked with permitting some inbound & outbound TCP & UDP ports to/from a specified address space on the internet.
In looking at my current ASA config I see other access lists already configured so I'm assuming I can just set up a new access list in similar fashion, but I wanted to verify here first.
View 6 Replies
View Related
May 6, 2013
What is the preferred access switch for new deployment. Choosing between 3850 and 3750x. I have to say that the 3850 wireless features will not be used in this deployment and 4 switch for stack is enough... Looked and read everything that I found in the press, I can not make an informed choice. I bow to 3850, but I was apprehensive following circumstances:1) not too positive reviews2) to long list of open caveats3) to long list of features are not supported in Cisco IOS XE Release 3.2.0SE4) IOS XE : (With regard to the first three points - yes, I understand that the product is new and it has not gone further stage of "childhood diseases" ...Regarding the fourth point - I understand correctly that this is the direction to be moving Cisco Systems and soon all products migrate from classical IOS to IOS XE and so on?
View 8 Replies
View Related
Feb 6, 2013
What's the difference between a Catalyst 4500 and a Catalyst 4500E series chassis? I believe it has to to do with supporting PoE+? Are the blades in both series interchangeable?
View 1 Replies
View Related
Jul 4, 2012
upgrading our small office network. We currently have about 75 employees with probably 125 devices on the network. I'd like to create about 10 vlans for the different departments and then configure intervlan routing as needed. Currently we have all unmanaged switches and it's just a huge broadcast storm on the network. We are upgrading our Cisco 800 router to an ASA5505 sec. Plus license. I need some recommendations on switches. Of course, this needs to be done as cheap as possible.... Is there a way to use the ASA to configure all the vlans and intervlan routing and access lists and use a cheaper switch to provide the access layer to hosts?
View 4 Replies
View Related
Jan 27, 2013
I try to updgrade a stack of two 3750X-48PS to the IOS 15.0-2
Same commande has the twelves others stack I have upgrade lately
archive download-sw /overwrite tftp://x.x.x.x/c3750e-universalk9-tar.150-2.SE.tar
or
archive download-sw /overwrite usbflash0:/3750/c3750e-universalk9-tar.150-2.SE.tar (much faster!)
At the end I have this message :
extracting c3750e-universalk9-mz.150-2.SE/info (511 bytes)
extracting c3750e-universalk9-mz.150-2.SE/c3750e-universalk9-mz.150-2.SE.bin (19842267 bytes)
[Code].....
View 3 Replies
View Related
Mar 25, 2013
I have upgraded my Catalyst 3750X-switches to software-version 15.0(2)SE2, but I cannot upgrade the 10G servicemodule to the same version. I use the archive download-sw command to load the c3kx-sm10g-tar.150-2.SE2.tar. The file is loaded to the switch, but when the process starts to transfer the file to the module it fails with the following messages:
Error 2: Unable to transfer image to FRU Modul on switch 1Error: Failed to update FRU Module image
The modules is now running with in-compatible versions as shown below:
Switch# H/W Status (CPU/FPGA) CPU Link Version
-----------------------------------------------------------------
1 OK 77C/71C ver-mismatch 03.00.41
2 OK 73C/73C ver-mismatch 03.00.41
View 1 Replies
View Related
Nov 20, 2011
if I read the Datasheet of Catalyst 3750X-Series-Switches it is possible to connect a new X-Switch to an existing and old Catalyst 3750-Series Stack.What kind of requirements are needed? Only same IOS-Version in the hole Stack and if possible same Feature-Set? .... like in a normal NOT mixed Stack?
View 4 Replies
View Related
Apr 9, 2013
Is it possible to mix 1 and 10 Gigabit links on a 1/10Giga Network Module of the Cat3750X? I mean porte GE1/1/1 and GE1/1/2 used with SFP and port TE1/1/2 used with SFP+; that makes TE1/1/1 not available as GE1/1/3 and 1/1/4
View 7 Replies
View Related
Jan 31, 2012
I work at a hospital and we have 3750X-48P switches in stacks in various locations throughout the hospital. We have noticed that when an EKG machine is plugged into one of the ports on some of these switches and the EKG machines are set manually to 100/Full, the ports are no longer usable until the switch is restarted. The switch is configured for auto. If the EKG machine is set to auto, it will work and not cause problems. The link on the interface will show up/up and there will be output packets increasing. However, there will be no inputs on the link and the port is unusable. Unfortunately, even when the device is removed, the port becomes unusable for any device. Is there any way to fix this problem without rebooting the switch?
View 5 Replies
View Related
Apr 10, 2012
Assume I had Catalyst 3560X/3750X with 24 ports. The partnumber is WS-C3560X-24P-LI would like to how is the numbering defined if the switches have a C3KX-NM-10G installed with 4 SFP-GE-L.
View 1 Replies
View Related
May 17, 2012
the following information before:
Switch: WS-C3750X-48P (Stack with 2 Members)
IOS: 12.2(58)SE2
Lic: IPBASEK9
uptime: rebooted this night
[code]....
Since i added another Member to the Stack, i'm facing the following problem:When i login with my tacacs user account, i will not be asked for the password.The same thing is for the tacacs account of my colleague, after entering the username he is logged in.It seems for me, that the passwords are cached only for this Switch.
View 3 Replies
View Related
Sep 5, 2012
our network is spread over 15 floors and each floor we have 5-6 switches. we are planning to purchase cat3750-x 24 ps poe with C3KX-NM-10G network modules. Each floor has two up links to the core switch with single mode fiber and other being the multimode.Suppose if we are purchasing 75 switches do we have to purchase 75 C3KX-NM-10 G modules.? or can we limit our purchase with 15 C3KX-NM-10G sothat two uplinks from each floor can be made? since network modules are optional cost factor is invovled. Or any issue with stacking ? the SFPs will be LR and LRM MODULES.looking for an answer ? whether the new usb type console cable comes bundled with cat350x or shall we have to order separately?
View 7 Replies
View Related
Nov 14, 2011
convergence time in case of stack master will be switched over to other switch.In my understating, when the stack master will be switched over to other switch based on election algorithm, convergence time will be less than 10 second.
I tried to calculate concersion time during fail over testing but convergence time was 21 second. I think it is too long...
Expected reasons
・I configured Rapid Spanning tree protocol between L3 and L3. (But RSTP's convergence time is 2~3 second..)
View 4 Replies
View Related
Jul 21, 2012
When quoting a Catalyst 3750X with PoE (WS-C3750X-48P-E) the Dynamic Configurator Tool allows to include as the secondary power supply option the Catalyst 3K-X 350W AC Secondary Power Supply (C3KX-PWR-350WAC/2), but the default included primary power supply is the Catalyst 3K-X 715W AC Power Supply (C3KX-PWR-715WAC). My questions are the following:
1. Will this combination of power supply work?
2. Will the C3KX-PWR-350WAC/2 be able to power up the switch if the primary power supply of 715W fails?
3. Will the PoE will be lost if the primary power supply fails and only the secondary power supply of 350W keeps working?
4. If this secondary power supply of 350W is not suitable for PoE, why it is available as a secondary power supply option in the Dynamic Configurator Tool for a PoE switch?
View 4 Replies
View Related
May 12, 2013
configuration of a Catalyst 3750X and Barracuda Web Filter using WCCP protocol.
We used various WCCP protocol settings, unable set to redirect traffic to the Web Filter.
This is the current configuration of 3750X:
ip routing
ip wccp 94 redirect-list 194 group-list 50
ip wccp 95 redirect-list 195 group-list 50
[Code]......
View 5 Replies
View Related
Apr 3, 2011
I'm trying to work out if I need to order the "IP services" image for a couple of C3750-X. I need to run OSPF on these switches, but find the IOS image requirements on Cisco contradict.
At the top of the data sheet it says: • Open Shortest Path First (OSPF) in IP Base image
On the product info page it says: IP Base: Enterprise Access Layer 3 Switching, including OSPF (Open Shortest Path First) for routed access
But in lots of other places it says you need 'IP services' for OSPF.
As the IP services IOS is quite a bit more expensive I would like to avoid buying it. What image do I need to run OSPF?
View 6 Replies
View Related
Feb 13, 2012
Need to clarify if ip sla icmp echo operation is supported in catalyst 3kx switches (ip services)? on the configuration guide, commands are available, but on the feature navigator, i can't find the feature, only ip sla video operation. i don't have a device to test on here.
View 2 Replies
View Related
Dec 6, 2012
I have two ISP, I want to divide Inbound to ISP1 and Outbound to ISP2.
View 3 Replies
View Related
Jan 30, 2012
I know I can use the RTR statement to determine when the primary ISP circuit goes down via this technote: url...My question can I assign static Nats on the backup ISP connection to the same inside servers in the dmz.?Example 10.1.1.11 is mapped to ISP1 ExternaIP of 65.217.77.11. Can it 10.1.1.11 also be mapped to ISP2's 208.217.77.11?This way I can get my DNS changed and my inbound traffic to servers in my DMZ on the asa 5510 running 8.0.3 code can continue to receive Inbound traffic.
View 1 Replies
View Related
Feb 5, 2013
-I need to configure the following on my PIX:
TCP port 2195 - outbound
-TCP port 2196 - inbound
How would I configure this via ASDM?
View 3 Replies
View Related
Dec 26, 2011
I’m trying to configure my ASA 5505, in order to allow my inbound and outbound mail communications. Here with this mail I’ve attached a diagram which illustrates my exact network setup along with ip addresses.
In this setup I’ve enabled port forwarding on my ADSL router (port 25 and 110) and configured the ASA accordingly, and my mail server is located inside my network.
My problem is currently I can send mails from my inside network to outside but my not receiving any mails which originate from outside. I’ve attached my current ASA configuration as well,
C:UsersSuthakarDocumentsOffice_DocsThakralABC Computers
Final config on ASA5505
host name Cisco
enable password 8Ry2YjIyt7RRXU24 encrypted
password 2KFQnbNIdI.2KYOU encrypted
names
!interface Vlan1
nameif inside
security-level 100
ip address 192.168.155.201 255.255.255.0
[Code] ......
View 3 Replies
View Related
Feb 28, 2012
I have a weather station at our high school that needs UDP port 9500 open inbound/outbound to specified IP addresses.
Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)57
View 1 Replies
View Related
May 15, 2012
RV220W - I'm trying to create a one-to-one NAT connection to a PC on my network. I have 5 static IP's assigned by my ISP. I've gone through the step of 'registering' each IP in turn on the WAN port, and pinging that IP from an external device until it starts to respond, then I set the WAN IP back to the one I want to use to manage the device.
I think what I want to do is simple. I simply want to NAT ALL traffic hitting my 2nd IP address, let's call it 24.15.120.73 (not the real value) to 192.168.1.10 internally. I want ALL ports both UDP and TCP to be forwarded. This Server is then going to be one end of a VPN tunnel going to another site, but I don't want to complicate things with that for now. So I can't even seem to get one-to-one NAT working! I created the one-to-one NAT on the Advanced tab of the firewall and created rules for all ports for UDP and TCP, but I can still never 'see' the internal server from the Internet. Also, the server will not get out to the Internet (can't hit Google, etc).
View 2 Replies
View Related
Aug 8, 2012
the following information before:
Switch: WS-C3750X-48P (Stack with 2 Members)
IOS: 12.2(58)SE2
Lic: IPBASEK9
[Code]....
Since i added another Member to the Stack, i'm facing the following problem: When i login with my tacacs user account, i will not be asked for the password. The same thing is for the tacacs account of my colleague, after entering the username he is logged in. It seems for me, that the passwords are cached only for this Switch.
View 3 Replies
View Related
Oct 23, 2012
I am trying to block outbound and inbound traffic on TCP 5222 and 5223 on E2500 but cannot figure out how. The reason is I have kids in my house using KiK (texting app) on iPads, iPods etc. My goal is to eliminate this applications ability to function for ANY wireless device connected to my WLAN.
View 1 Replies
View Related
Jan 17, 2013
My management has tasked me to give them a high level overview of the different switching we can choose for our new building.
This is what I know so far.4 Closets, each closet has 450 ports,One MDF room that is will contain one UCS Chassis and a Nimble iSCSI SAN.
I am working on the spreadsheet and it looks like this (Not totally filled):
2960s3560x3750x45064510Approx cost (Each, 48PORT, POE+, 10G uplink, Dual PS, IP BASE)
6K7K8K45K75KMax Capacity192432432192384Backplane speed206464520520ProLeast ExpensiveStackable to 9Stackable to 9ProDual PSDual PSDual PSDual PSDual PSProLayer 3 opt
Layer 3 optDual SupsDual SupsConExpensiveExpensiveConNo Dual PSConLayer 2 OnlyCannot stack more than 4
For the MDF I would like to use 2 Nexus 5548's with FEX's, and the layer 3 daughter board. For the IDF's I was thinking of two 4010's.
View 12 Replies
View Related
Jan 12, 2013
This is my scenario. I have my IP as 172.16.1.1 (aaaa.bbbb.cccc.dddd) which has full internet access. Now when i am not available in the office, i noticed some one assigning my IP in to his workstation and gaining full internet access. How do i restrict such things? i.e. even if some one assigning my IP on the network, they shouldnt access LAN or WAN.I tried 'arp 172.16.1.1 aaaa.bbbb.cccc.dddd arpa' configuring on my L3 Cisco 3750X switch assuming i can acheive, but that did not work.
View 8 Replies
View Related
Feb 6, 2013
I have a LIII Switch Cisco 3750x ,with diffrent Vlans , Some users are in Vlan 102 (10.10.2.0) and Some Users are in Vlan1 (10.10.1.0) , now i want to restrict the Vlan102 users to access Vlan1 , i am pasting my configuration below , how to create a access list .
interface Vlan1
ip address 10.10.1.36 255.255.255.0
ip helper-address 10.10.1.36
[Code].....
View 2 Replies
View Related
Mar 19, 2013
I have one issue on Vlan in Cisco 3750X switches , I have 2 Offices , I am sitting at corp OFfice and i have one 3750 ( 10.10.1.36)Switch at my location , in my remote office i have one more switch 3750 ( 10.10.33.1) and i am able to access the both vlan IPS with out any issue , now i have some network components in Vlan33 ( 10.10.33.1) at my remote office . i am able to ping 10.10.33.1 IP from my corp office , but i am not able to ping any network devices in 10.10.33.5 example : 10.10.33.5 is my Cyberoam IP at remote location and i am not able to ping , i have taken a trace route and not able to find the issue as i am not much femilar , ping 10.10.33.5 at remote location devicec
I am giving the Configuration for both locaitons below :
10.10.1.36 - Corp Office 3750 Switch:
sh run
L3-#sh running-config
Building configuration...
[Code].....
View 1 Replies
View Related
